Seedify Fund—a Web3 gaming incubator and launchpad—suffered a major exploit on its cross-chain bridge infrastructure.
Hackers linked to North Korea’s state-affiliated groups (commonly known as DPRK or Lazarus Group) compromised a developer’s private key, enabling them to modify the Omnichain Fungible Token (OFT) bridge contract on Avalanche.
This allowed the unauthorized minting of approximately 8.8 million fake SFUND tokens, which were then bridged and dumped across multiple networks, draining liquidity and causing the token’s price to crash dramatically.
The attack is tied to the “Contagious Interview” campaign, a DPRK operation that has targeted over 230 entities in recent months, according to blockchain analytics from SentinelLABS and investigator ZachXBT.
Binance founder Changpeng Zhao (CZ) publicly stated on X that the incident “looks like North Korea DPRK,” noting that major centralized exchanges (CEXs) had blacklisted the attacker’s addresses. SFUND’s price plummeted 99.99% from ~$0.43 to under $0.01, before partially recovering to around $0.21–$0.25.
Early inflated estimates reached $9M–$40M in losses, but confirmed figures settled at $1.2M–$1.7M. This incident underscores persistent DeFi vulnerabilities, especially in bridges, which have seen rising attacks in 2025 amid DPRK’s record $1.3B+ in crypto thefts this year.
How the Exploit Unfolded
Attackers gained access to a Seedify developer’s private key, likely through social engineering or phishing tactics common in DPRK operations. Using the key, they altered the bridge contract settings on Avalanche which had previously passed audits to enable unauthorized minting of SFUND tokens.
The fake tokens were bridged to Ethereum, Arbitrum, Base, and BNB Chain. Liquidity pools (e.g., on PancakeSwap) were drained by swapping the counterfeit SFUND for real assets like BNB and ETH.
Most proceeds—estimated at $1.2 million—were sold on BNB Chain, impacting around 64,000 holders there alone. Initial reports inflated losses to $8.8 million, but confirmed figures settled at $1.2–1.7 million after on-chain analysis.
The core protocol, user wallets, and Seedify’s website remained unaffected, as the breach was isolated to the bridge’s minting permissions. The exploit triggered a massive panic sell-off, with SFUND’s price plummeting from around $0.42–0.65 to as low as $0.04–0.05 within minutes—a drop of up to 99%.
It has since partially recovered to approximately $0.24–0.28, but remains down 35–60% in the last 24 hours, 50% monthly, and 80% year-to-date. The crash erased roughly $40 million in market cap temporarily and affected tens of thousands of wallets.
Seedify paused all bridges, revoked compromised permissions, blacklisted attacker addresses across chains, and halted trading on CEXs to prevent further dumping.
Worked with sleuths like ZachXBT and security firms (e.g., Cyvers) for tracing. Offered bounties for fund recovery. CZ confirmed $200,000 in stolen funds frozen at HTX; other CCEXs like Binance followed suit with blacklists.
Advised against buying SFUND on affected chains until cleared; emphasized no risk to core liquidity. Seedify founder Meta Alchemist expressed devastation on X, noting the hackers “took everything we built over 4.5 years in one hack.”
The team has committed to full transparency and audits, with bridges expected to resume after fixes. This incident underscores ongoing risks in DeFi bridges, a frequent target for DPRK hackers funding state programs (e.g., weapons development, per UN reports).
It echoes past exploits like Ronin (2022), where similar tactics stole $625 million. For users: Revoke unused approvals regularly, avoid unverified bridges, and monitor for phishing. Seedify, despite the hit, has a strong track record in gaming launches and BNB ecosystem ties—recovery depends on swift restitution and regained trust.